Seminal Papers
Here is the list of papers for this project.
It includes only those papers not protected by copyright
(because of the difficulty in obtaining permission).
If we get additional funding, we will expand it to include
others, and try to secure permission to reproduce them.
These are listed alphabetically
by author or (if no author) title.
Abstracts of the papers that we have are available in PDF.
-
Anderson, J. P.,
Computer Security Technology Planning Study, ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA (Oct. 1972) [NTIS AD-758 206]; Volumes I [PDF] and II [PDF]
Seminal paper on computer security mechanisms
-
Anderson, J. P.,
Computer Security Threat Monitoring and Surveillance,
James P. Anderson Co., Fort Washington, PA (1980)
[PDF]
Seminal paper on the use of auditing and logging for security
-
Bell, D. E., and La Padula, L.,
Secure Computer System: Unified
Exposition and Multics Interpretation, ESD-TR-75-306, ESD/AFSC, Hanscom
AFB, Bedford, MA (1975) [DTIC AD-A023588]
[PDF]
-
Biba, K.,
Integrity Considerations for Secure Computer Systems,
ESD-TR-76-372, ESD/AFSC, Hanscom AFB, Bedford, MA (Apr. 1977) [NTIS ADA039324]
[PDF]
Seminal paper on integrity
-
Bisbey II, R., and Hollingworth, D.,
Protection Analysis: Final Report;
USC/ISI, Marina Del Rey, CA 90291 (May 1978)
[PDF]
One of two seminal studies of computer system vulnerabilities.
-
Committee on Multilevel Data Management Security,
Multilevel Data Management Security,
Air Force Studies Board, Commission on Engineering and Technical Systems,
National Research Council, National Academy Press (1983)
Popularly known as the "Woods Hole Report," this was a major,
influential study of database security
-
Department of Defense Computer Security Evaluation Center,
Trusted Computer System Evaluation Criteria (1982)
First version of the TCSEC made available to the public; it is also
called the Powder Blue TCSEC
-
Department of Defense Computer Security Evaluation Center,
Trusted Computer
System Evaluation Criteria (Orange Book) (1983, 1985)
[PDF]
Full version of the TCSEC that influenced study and development of
systems
-
DeWolf, B. and Szulewski, P.,
Final Report of the 1979 Summer
Study on Air Force Computer Security (1979)
Also called the Draper Report,
this describes the state of the art at that time
-
Ford Aerospace,
Secure Minicomputer Operating System (KSOS) (1978)
[PDF]
Describes an implementation of a provably secure operating system
compatible with the UNIX operating system
-
Hinke, T. H. and Schaefer, M.,
Secure Data Management System, RADC-TR-75-266,
Rome Air Dev. Center, AFSC, Griffiss AFB NY (Nov 1975) [NTIS AD A019201]
-
Jelen, G.,
Information Security: An Elusive Goal (1985)
Study arguing that no strategies for making secure products are promising
-
Karger, P. A., and Schell, R. R.,
Multics Security Evaluation: Vulnerability
Analysis, ESD-TR-74-193 Vol. II, ESD/AFSC, Hanscom AFB, Bedford, MA
(June 1974)
[PDF]
Described a number of attacks, including the trap-door compiler that
Ken Thompson used so effectively in his Turing Award lecture
-
Lee, T.,
Processors, Operating Systems and Nearby Peripherals: A Consensus
Report (Miami Report) (1980)
First description of evaluation process and criteria
-
Linden, T.,
Operating System Structures to Support Security and Reliable
Software (1976)
[PDF]
Described capability-based architectures
-
Myers, P.,
Subversion: The Neglected Aspect of Computer Security
(1980)
[PDF]
Demonstrated how a Trojan horse could spread to a secure system without
the attacker having direct access to that system
-
Neumann, P., et al.,
A Provably Secure Operating System (1976)
[PDF]
First formal design of a system, emphasizing proofs of design before
implementation
-
Nibaldi, G.,
Proposed Technical Evaluation Criteria for Trusted Computer
Systems (1979)
[PDF]
First evaluation criteria with levels (5 of them)
-
Padilla, S. and Benzel, T.,
Final Evaluation Report of SCOMP (Secure Communications Processor),
Department of Defense Computer Security Center (1985)
First A1-rated system
-
Proceedings of the DoD Computer Security Center Invitational Workshop
on Network Security (1985)
Also called the New Orleans Workshop Report,
this extensively discussed network security problems
-
Schacht, J. M.,
Jobstream Separator System Design, MTR-3022 Vol. 1, The MITRE Corporation, Bedford, MA 01730 (May 1975)
[PDF]
-
Schell, R. R., Downey, P. J., and Popek, G. J.,
Preliminary Notes
on the Design of Secure Military Computer Systems, MCI-73-1, ESD/AFSC,
Hanscom AFB, Bedford, MA (Jan. 1973)
[PDF]
-
Schiller, W. L.,
The Design and Specification of a Security Kernel for the PDP-11/45
(1975)
[PDF]
First formal specification of a kernel satisfying the Bell-LaPadula model
-
Walter, K. G., Ogden, W. F., Gilligan, J. M., Schaeffer, D. D., Schaen, S. L.,
and Shumway, D. G.,
Initial Structured Specifications for an Uncompromisable
Computer Security System, ESD-TR-75-82, ESD/AFSC, Hanscom AFB, Bedford,
MA (July 1975) [NTIS AD-A022 490]
-
Ware, W.,
Security Controls for Computer Systems: Report of Defense
Science Board Task Force on Computer Security, Rand Report R609-1 (Feb.
1970)
[PDF]
The paper that started it all, first raising computer security
as a problem
-
Weissman, C.,
System Security Analysis/Certification (1973)
Introduced flaw hypothesis methodology
-
Whitmore, J., Bensoussan, A., Green, P., Hunt, D., Kobziar, A., and Stern, J.,
Design for Multics Security Enhancements, ESD-TR-74-176, ESD/AFSC,
Hanscom AFB, Bedford, MA (1974)
[PDF]
Papa Hegel he say that all we learn from history is that we learn
nothing from history. I know people who can't even learn from what happened
this morning. Hegel must have been taking the long view. -- Chad C. Mulligan,
"The Hipcrime Vocab"
Matt Bishop
3059 John D. Kemper Hall
Phone: (530) 752-8060
Email: send to my last name at cs dot ucdavis dot edu (this, to slow spam)